Splunk Search

Community Activity

Expand column in to rows How to Convert _time ColumnA ColumnB timeA 10 ... by teewenjie22 Engager in Splunk Search 01-31-2021 0 3	0	3
Report all real-time searches from the internal audit index Enable alerts and reports on real-time searches seen in the internal audit index. by landen99 Motivator in Splunk Search 01-30-2021 0 2	0	2
Searching for a specific users browsing history I am a newbie to Splunk and am trying to find out what query I can use to find a specific users browsing history for ... by redfan9 New Member in Splunk Search 01-30-2021 0 1	0	1
Disable app on UF using deployment server Hello All,i have a default app which gets installed on the UF during the installation (part of our install script). t... by AzmathShaik Path Finder in Splunk Search 01-29-2021 0 4	0	4
Search running slowly Hi, can anyone make any suggestions as to how I can make this search more efficient? index=prod_service_now sourcety... by shazbot79 Path Finder in Splunk Search 01-29-2021 0 4	0	4
Count By Date I have a search created, and want to get a count of the events returned by date. I know the date and time is stored ... by gn694 Communicator in Splunk Search 01-29-2021 3 5	3	5
How to display counts in the two weeks span for last two weeks and two weeks before I want to display counts latest two weeks (last two weeks), two weeks before and everything else before 4 weeks start... by AshChakor Path Finder in Splunk Search 01-29-2021 0 1	0	1
Replacing multiple values of a field with single value with rex sed Hi All,I have field called stepName which will have below three values.TextResource.getFirstLineTextResource.getSecon... by viswatejabolla New Member in Splunk Search 01-29-2021 0 3	0	3
SPL using search NOT comparing 2 Lookup (csv) files returns wrong results Greetings,I've 2 Lookup (csv) files, one generated from index _internal (approx 15k events) and another generated fro... by marceloalejandr Path Finder in Splunk Search 01-29-2021 0 6	0	6
How to set up an alert to trigger only if a second search does not return results within 30 seconds of the previous search? I have a current alert that is working as expected to capture a log event that states a service is down. We have sta... by dnsGuy314 New Member in Splunk Search 01-29-2021 0 10	0	10
Help Improve my search? All, I have this search here and it's pretty slow. Any recommendations to speed it up? Currently 250.249 seconds and ... by dpwtheitguy Loves-to-Learn Lots in Splunk Search 01-28-2021 0 2	0	2
Splunk Join Optimisation Hi,I have the below query which does the search on two different sources in the same index and join the results based... by deepuhassan Explorer in Splunk Search 01-28-2021 0 6	0	6
Event Field Data Lost When Using Collect to Populate Summary Index I'm having a bit of trouble trying to backfill a couple days in my summary index from a query using the collect comma... by EStallcup Path Finder in Splunk Search 01-28-2021 2 14	2	14
How to populate results from regex into an ldap search? How would I take the results from this search:\| rex field=initiatedBy.user.userPrincipalName "ex(?<GUID>\d+)z\@"And p... by fdevera Path Finder in Splunk Search 01-28-2021 0 3	0	3
Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals. I'm trying to look for senders where they don't contain values from the lookup mimics.csv. Examples of values in the ... by TheBravoSierra Path Finder in Splunk Search 01-28-2021 0 3	0	3
ISE unique MAC reporting Been testing to get a ISE-Splunk successful authentication report and trying this but the "Calling-Station-ID" is not... by redrobish1 Engager in Splunk Search 01-28-2021 0 2	0	2
brake out individual row by host repeated for each line Here is what I've done. How to break out the results into individual software correctly in Splunk. Any tips could b... by youngsuh Contributor in Splunk Search 01-28-2021 0 3	0	3
Splunk Query to find removed hosts Hi All,Please help me with splunk query to find removed (Off-boarded) hosts & index in splunk by alexspunkshell Contributor in Splunk Search 01-28-2021 0 3	0	3
Field failing to extract (ServiceNow) Hi,I have used the Service Now add on to pull in the incident table. We have a custom SNow field called "dv_u_configu... by shazbot79 Path Finder in Splunk Search 01-28-2021 0 2	0	2
multiple values in pie chart i am trying to figure out what the output values are not showing up in my pie chart. i would eventually like to grap... by gcue Loves-to-Learn in Splunk Search 01-28-2021 0 2	0	2
Question on setting up the alerts I have a search query that outputs the count of the event for all the host (i.e., \| stats count by host)Now if the co... by prettysunshinez Explorer in Splunk Search 01-28-2021 0 4	0	4
What is this issue with the monitor stanza in inputs.conf? I am having an issue with one of my monitor stanza in inputs.conf. The stanza is as below: [monitor://E:Speech\Tomca... by Abha11 Explorer in Splunk Search 01-28-2021 0 3	0	3
ip location and microsoft/google Hello Everyone, We are currently working on exchange logs (IIS), and trying to detect abnormal traffic from different... by sweiland Path Finder in Splunk Search 01-28-2021 0 10	0	10
Two conditions for Lookup Hi,iam stuck with a problem where i need help from you guys. I have a search that runs IDs against a lookup to determ... by DanielAmlung Path Finder in Splunk Search 01-28-2021 0 3	0	3
Compare data between multi column tables and find difference Hi,I have a query that gives a table of records satisfying certain condition. Have another query that gives the same ... by renSplunk New Member in Splunk Search 01-28-2021 0 3	0	3